Bugtraq mailing list archives
Re: Cobalt root exploit
From: jlewis () LEWIS ORG (Jon Lewis)
Date: Thu, 25 Feb 1999 17:27:20 -0500
On Thu, 25 Feb 1999, Patrick Oonk wrote:
An individual obtained password information from history files on a Cobalt RaQ. With the RaQ, user directories are contained within the web tree. This is intentional since the purpose of our servers is for users to serve content on the web.
and a private directory. However, if a user telnets into the box and runs various shell commands, the bash shell maintains a .bash_history file.
I emailed Cobalt about this issue back in 12-98. I had a Qube on eval and noticed that the combination of user home directories being within the web server's document root dir and the default umask setting making user created files world readable meant that I could use a web browser to check for .bash_history files in each user's directory...mine of course had one. I was told by Will DeHaan <will () cobaltnet com>, that Cobalt really didn't intend to have users logging into the Qube for interactive shell sessions, but that they still planned to rearrange things such that each user home directory would not be in the web server's document root and would instead have the equivalent of a public_html dir. This change was to be integrated into future software releases. ----don't waste your cpu, crack rc5...www.distributed.net team enzo--- Jon Lewis *jlewis () lewis org*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
Current thread:
- Cobalt root exploit Patrick Oonk (Feb 25)
- Re: Cobalt root exploit Jon Lewis (Feb 25)
- <Possible follow-ups>
- Re: Cobalt root exploit John Fraizer (Feb 26)
- Re: Cobalt root exploit John Fraizer (Feb 26)
- Re: Cobalt root exploit Joel Eriksson (Feb 27)
- [mutt security] tempfile race in mutt Thomas Roessler (Feb 28)
- Re: Cobalt root exploit Illuminatus Primus (Feb 26)